Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
September 10, 2007 Larson Allen LLP, FirstHealth of the Carolinas Inc
Pinehurst, North Carolina
BSF PORT

3913

A laptop was stolen from a Larson Allen employee.  It contained a spreadsheet with the personal information of FirstHealth's employees.  The information included the names, Social Security numbers dates of birth, addresses and employment information of people on payroll during August.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,913

July 3, 2013 Indiana Family and Social Services Administration (FSSA), RCR Technology Corporation
Indianapolis, Indiana
GOV DISC

187,533 (3,926 SSNs exposed)

A computer programming glitch resulted in the exposure of client health, financial, and employment information.  Personal and private documents that belonged to certain clients were accidentally made available to other clients between April 6 and May 21 when FSSA contractor RCR Technology Corporation made a programming error.  The issue was discovered on May 10 and addressed on May 21.  Patients of clients may have had their names, addresses, dates of birth, demographic information, contact information, types of benefits received, monthly benefit amount, employer information, monthly income and expenses, bank balances and other assets, medical providers, medical conditions, and information about household members exposed.

 
Information Source:
Media
records from this breach used in our total: 3,926

October 15, 2007 Transportation Security Administration
Arlington, Virginia
GOV PORT

3,930

Two laptop computers with detailed personal information about commercial drivers across the country who transport hazardous materials are missing and considered stolen. The laptops contained the names, addresses, birthdays, commercial driver's license numbers and, in some cases, Social Security numbers of 3,930 people.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,930

October 14, 2010 Boston Veterans Benefits Administration Regional Office
Boston, Massachusetts
GOV DISC

3,936

Some veteran benefit information was mailed to the wrong addresses on August 25. Of the 6,299 letters sent to incorrect addresses, 3,913 had full Social Security numbers and 2,386 had Veterans Benefits Administration claim numbers. A program error caused some of the letters to be mailed to the incorrect addresses.

 
Information Source:
Databreaches.net
records from this breach used in our total: 3,936

November 8, 2013 Ferris State University - Michigan College of Optometry
Big Rapids, Michigan
MED HACK

3,947

Michigan College of Optometry learned on July 23, 2013 that their network had been compromised in December of 2011.  A malware program could have accessed the names, Social Security numbers, demographic information, and a limited amount of clinical information of patients that were on the server.  Former and current patients were mailed letters on September 24.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 3,947

July 28, 2006 Merlin Information Services
Kalispell, Montana
BSO HACK

3,957

The login information for a qualified customer was compromised. This resulted in the possible exposure of customer names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,957

December 22, 2012 Omnicell, University of Michigan Health System
Ann Arbor, Michigan
MED PORT

3,997 (No SSNs or financial information reported)

An electronic device was stolen from an Omnicell employee's car on November 14.  The device was not encrypted and contained the medication, demographic, and health information of 4,000 patients from three hospitals in the University of Michigan Health System.  

UPDATE (1/2/2013): A total of 3,997 people who were treated between October 24 and November 13 at three hospitals in the University of Michigan Health System were affected.  However, patients of at least 10 Sentara Healthcare and South Jersey Healthcare medical facilities were also affected. A total of 56,000 Sentara Healthcare patients from Sentara CarePlex, Sentara Leigh Hospital, Sentara Norfolk General Hospital, Sentara Obici Hospital, Sentara Princess Anne Hospital, Sentara Virginia Beach General Hospital, Sentara Williamsburg Regional Medical Center, Sentara Belle Harbour, Sentara Independence, and Sentara Port Warwick who were treated between October 18, 2012 and November 9, 2012 were affected.  A total of 8,555 patients from South Jersey Healthcare who were either treated or scheduled for admission between June 1, 2012 and November 12, 2012 were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 3,997

June 13, 2006 U.S. Dept of Energy, Hanford Nucear Reservation
Richland, Washington
GOV UNKN

4,000

Current and former workers at the Hanford Nuclear Reservation were notified that their personal information may have been compromised, after police found a 1996 list with workers' names, Social Security numbers, birth dates, work titles, assignments, and telephone numbers in a home during an unrelated investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

July 26, 2006 U.S. Navy recruitment offices
Trenton, New Jersey
GOV PORT

31,000 records were stolen, with about 4,000 containing SSNs. The latter number is included in the total below.

Additional location: Jersey City, NJ

Two laptop computers with information on Navy recruiters and applicants were stolen in June and July. Also included was information from selective service and school lists. About 4,000 records contained SSNs. Files were password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 16, 2006 Michigan Department of Community Health
Detroit, Michigan
GOV PORT

4,000

Residents who participated in a scientific study were notified that a flash drive was discovered missing as of Aug. 4, and likely stolen, from an MDCH office.The portable memory device contained names, addresses, phone numbers, dates of birth, and SSNs of participants. The study tracked the long-term exposure to flame retardents ingested by residents in beef and milk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

January 26, 2007 Indiana Department of Transportation (INDOT)
Indianapolis, Indiana
GOV DISC

4,000

The names and SSNs of INDOT employees were inadvertently posted on an internal network computer drive sometime between Sept. 6 and Dec. 4, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

March 20, 2007 Tax Service Plus
Santa Rosa, California
BSF STAT

4,000

Thieves stole the company's backup computer, which contained financial data on thousands of tax returns dating back three years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

June 1, 2007 Northwestern University
Evanston, Illinois
BSO DISC

4,000

c-loebbaka@northwestern.edu

Files containing personal information of students and applicants were available online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

June 22, 2007 Texas First Bank
Texas City, Texas
BSF PORT

4,000

Information such as account numbers, Social Security numbers, names and addresses may have been stored on a stolen laptop computer during a car theft in Dallas.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

January 10, 2008 Select Physical Therapy
Levelland, Texas
MED PHYS

4,000

The company dumped about 4,000 pieces of sensitive customer information in garbage containers behind its facility. The records included Social Security numbers, credit and debit card account numbers, names, addresses and telephone numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

February 1, 2008 Marine Corps Bases Japan
Washington, District Of Columbia
GOV PORT

4,000

Additional location: Okinawa, Japan

A laptop was stolen which contained personally identifiable information for clients of Marine Corps Community Services' New Parent Support Program. The laptop may contain names, ranks, Social Security numbers, dates of birth, children's names and mailing addresses of U.S. military service members, U.S. government employees and Status of Forces Agreement personnel on Okinawa and Marine Corps Air Station Iwakuni. It does not include driver's license numbers or bank and credit card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

June 12, 2009 Oregon Health and Science University
Portland, Oregon
EDU PORT

4,000

A physician's laptop was stolen from a car parked at the doctor's home. Patient names, treatment dates, short medical treatment summaries and medical record numbers were stored on the computer. There were no home addresses, billing information or Social Security numbers stored on the laptop.

UPDATE (08/11/10): It seems that as many as 4,000 patients may have been affected and Social Security numbers were involved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 2, 2010 Kinetic Concepts Inc. (KCI)
San Antonio, Texas
BSR DISC

4,000

An attachment with sensitive employee information was accidentally emailed to company employees. The information included names, Social Security numbers, addresses, dates of birth and salary information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

February 22, 2006 University of Texas M.D. Anderson Cancer Center
Houston, Texas
MED PORT

4,000

A laptop containing insurance information for patients was stolen from a PricewaterhouseCoopers employee's home in November. Patients and patient families were notified in January that their private health information, policy numbers, dates of birth, ZIP codes and Social Security numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 15, 2006 Harlem Hospital Center, New York City Health and Hospitals Corporation
New York, New York
MED PORT

4,000

A computer hard drive was lost or stolen sometime around September 8. The hard drive contained the names and Social Security numbers of current and former Harlem Hospital employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 23, 2011 United States Steel and Carnegie Pension Fund, Benefits Administration Services
New York, New York
BSO PORT

4,000

A CD with the names, Social Security numbers and dates of birth of U.S. Steel Mining retirees and dependents was lost in the mail.  Benefits Administration Services (BAS) mailed the CD in August, but it was not received.  BAS is still working with the U.S. Postal service to recover the CD.

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,000

May 27, 2011 San Juan Unified School District
Carmichael, California
EDU DISC

4,000

A human resources employee of San Juan Unified uploaded sensitive employee information onto a flash drive.  Somehow the information was uploaded onto a website when the employee used the flash drive to perform volunteer work at her church.  An employee who Googled their own name discovered that they could also see their Social Security number and other sensitive information.  The information was available for six months.   San Juan Unified decided to ban flash drives as a result of the incident.

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,000

May 18, 2011 The Securities and Exchange Commission
Denver, Colorado
GOV DISC

4,000

On May 4, a contractor working for the Interior Department's National Business Center accidentally sent an unencrypted email.  There was a security feature in the system software that was designed to prevent such mistakes, but it failed to stop the email from going through.  Any information in the unencrypted email was vulnerable for about 60 seconds.  The email contained agency employee Social Security numbers and other payroll information.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,000

April 14, 2012 Texas A&M University
College Station, Texas
EDU DISC

4,000

Alumni who graduated before 1985 and requested copies of their transcripts may have been affected by a breach involving accidental disclosure.  Certain alumni had their names, Social Security numbers, addresses, and telephone numbers in an electronic file that was emailed to an individual who would not normally have access to such information.  The person who received the email notified the University.

UPDATE (5/03/2012): This breach was erroneously listed as occurring in Corpus Christi, Texas on this site. The breach affected those who were associated with Texas A&M University in College Station, Texas.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 14, 2010 Rice University
Houston, Texas
EDU PORT

7,250 (4,003 Social Security numbers)

A portable device with personal information of current and former employees and some students was stolen.  The device had a payroll file which contained the information of students, faculty, and staff on payroll as of January 2010.  Social Security numbers, addresses, names, dates of birth and other employment information may have been exposed.

 

UPDATE (9/18/10): Additionally details reveal that the information was not encrypted.  Approximately 2,270 students were affected.  Four thousand of the Social Security numbers on the device were from faculty or staff, while three were from students.  The banking information of two employees was also on the device.

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,003

March 8, 2010 Arrow Electronics
Melville, New York
BSO PORT

4,004

The theft of a laptop from the office of Arrow Electronics has resulted in the company notifying 4,004 current and former employees that their personal information was on the laptop. The laptop was stolen during a break-in on February 18. Personal information on the laptop included names, addresses, telephone numbers, and for some of those who used company Blackberry, wireless AirCard and calling card services, their Social Security numbers, some credit card information such as last four digits, security code, and expiration date.

 
Information Source:
Media
records from this breach used in our total: 4,004

March 8, 2010 Arrow Electronics
Melville, New York
BSR PORT

4,044

A laptop containing current and former employee personal information was stolen. The information included names, Social Security numbers, addresses, telephone numbers, and some corporate and personal credit cards.

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,044

January 26, 2007 Chase Bank and the former Bank One, now merged
Shreveport, Louisiana
BSF PHYS

4,100 current and former employees from all over Louisiana

A Bossier woman bought a used desk from a furniture store. She discovered a 165-page spread sheet in a drawer that included names and SSNs of bank employees. The document was returned to the bank.

 
Information Source:
Media
records from this breach used in our total: 4,100

March 15, 2012 Washington University
St. Louis, Missouri
EDU INSD

4,100

A University employee was discovered copying electronic files onto an external hard drive on February 17, 2012.  The hard drive was recovered and the employee was fired.  The hard drive contained the names, Social Security numbers, addresses, and dates of birth of University employees and job applicants.  It is unclear if the hard drive information was used for fraudulent purposes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,100

January 27, 2006 State of Rhode Island website (www.RI.gov)
Providence, Rhode Island
GOV HACK

4,118

Hackers obtained credit card information in conjunction with names and addresses. The credit card companies were notified of the breach, but not the customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,118

September 23, 2006 Erlanger Health System
Chattanooga, Tennessee
MED PORT

4,150 current and former employees

Records of hospital employees disappeared from a locked office on Sept. 15. They were stored on a USB jump drive. Information was limited to names and SSNs. Those affected included anyone who went through job status changes from Nov. 2003 to Sept. 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,150

November 3, 2011 Kunz Opera House
Pinckneyville, Illinois
MED PHYS

4200 (Unknown number SSNs)

ER patients in Metropolis and Staunton who saw Dr. Tim Mathis may have been affected.

A physician kept 14 boxes of medical records from former patients in the front window of his building.  A fire that struck the building, the Kunz Opera House, damaged the records and personal property.  Some records were found in the street.  An unspecified number of the damaged records were then buried in a secure location. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 4,200

January 8, 2008 University of Georgia
Athens, Georgia
EDU HACK

4,250

Former and prospective residents of a University housing complex were affected by a hacker who was able to access a server containing personal information, including Social Security numbers. A computer with an overseas IP address was able to access the personal information - including Social Security numbers, names and addresses - of 540 current graduate students living in graduate family housing and 3,710 former students and applicants.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,250

August 28, 2008 Reynoldsburg Ohio City School District
Reynoldsburg, Ohio
EDU PORT

4,259

Reynoldsburg school officials were phasing out the use of Social Security numbers in the district's student database when someone stole a laptop containing that information. The district laptop, taken from a computer technician's car, also included names, addresses and phone numbers for two-thirds of the district's enrollment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,259

November 29, 2007 Ortho-Clinical Diagnostics Inc. (OCD)
Raritan, New Jersey
BSO DISC

4,285

An electronic folder that resided on a share drive at OCD was accessed by authorized users of the Johnson & Johnson computer system in North America for approximately six months.  The file should have only been accessed by authorized human resources personnel and included current and former employee Social Security numbers, addresses, phone numbers, pre-employment screening information, compensation information and other employment data.  The information in the folder dates back to January of 2002. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,285

January 6, 2012 Spotsylvania County
Spotsylvania, Virginia
EDU DISC

4,289

An employee discovered that it was possible to access current and former employee W-2 forms online via a Google search.  The W-2 form contained employee name, Social Security number, address, earnings, and taxes paid for 2009 and 2010.  The discovery was made on December 23 of 2011. 

 
Information Source:
Media
records from this breach used in our total: 4,289

February 7, 2008 Memorial Hospital
South Bend, Indiana
MED PORT

4,300

A laptop containing the personal information of full and part time employees and retirees is missing. The missing computer contains their names, addresses, birth dates, ID numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,300

January 15, 2011 Omaha School Employees Retirement System
Omaha, Nebraska
EDU HACK

4,300

A breach of Omaha School Employees Retirement System's website was discovered on December 21. The incident occurred because of an attempt to access administrator log-in information. The hacker or hackers may have obtained a database with names, Social Security numbers, dates of birth, years of service and beneficiary information of current and former Omaha Public Schools employees. The website was shut down within two hours of the discovery.

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,300

October 30, 2006 National Financial Partners (NFP)
New York, New York
BSF INSD

4,327

A former payroll department employee may have had access to former and current employee information.  The information included Social Security numbers, addresses and birth dates.  The employee was not authorized to view the information.  It is unclear if the employee still had access to the electronic files after termination.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,327

August 24, 2010 Eastmoreland Surgical Clinic and Vein Center
Portland, Oregon
MED STAT

4,328

Desktop computers were stolen from the office around July 5.  The computers had patient names, addresses, Social Security numbers, phone numbers, reason for visit and insurance carrier information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 4,328

March 24, 2008 National Institutes of Health
Bethesda, Maryland
GOV PORT

4,359

A laptop was stolen from the trunk of a car. It contained information about heart disease patients, including their names, dates of birth and diagnoses of their medical conditions.

UPDATE (4/14/08): Ongoing review of the computer's last-known contents, performed on data backed up from the laptop before it was stolen, has found a file that, unbeknownst to the lead researcher, had been loaded onto the laptop by a research associate.That file included Social Security numbers for at least 1,281 of the 3,078 patients enrolled in the multi-year study, which is sponsored by the NIH's National Heart, Lung and Blood Institute.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,359

September 9, 2007 De Anza College
Cupertino, California
EDU PORT

4,375

(408) 864-8292

Thousands of former students might be at risk for identity fraud after an instructor's laptop computer, containing students' personal information, was stolen last month. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,375

October 9, 2006 Troy Athens High School
Troy, Michigan
EDU PORT

4,400

For questions or comments, call (248) 823-4035

A hard drive stolen from Troy Athens High School in August contained transcripts, test scores, addresses and SSNs of students from the graduating classes of 1994 to 2004. The school district and the superintendent have notified all affected alumni by regular mail.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,400

April 20, 2009 FairPoint Communications Inc.
Charlotte, North Carolina
BSO PORT

4,400

A worker's failure to abide by security precautions caused a portable data-storage device containing employee information to disappear. The device contained information for all current FairPoint employees and some former employees, or about 4,400 individuals in total. Such data may have included names, home addresses and phone numbers, Social Security numbers, birth dates and certain compensation and employment information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,400

August 1, 2009 Williams Cos. Inc.
Tulsa, Oklahoma
BSO PORT

4,400

A laptop containing personal and compensation information for more than 4,400 current and former employees was stolen from a worker's vehicle. The computer had names, birth dates, Social Security numbers and compensation data for every Williams employee since Jan. 1, 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,400

November 28, 2013 Florida Digestive Health Specialists
Bradenton, Florida
MED INSD

4,400

An employee was found to have improperly accessed and photographed patient records.  The issue was discovered when the employee had the images printed at a store and a store employee reported the incident.  Patient names, Social Security numbers, dates of birth, and phone numbers were exposed.  The employee was fired and a criminal investigation has begun.

 
Information Source:
Media
records from this breach used in our total: 4,400

September 6, 2013 Georgia Department of Labor
Marrieta, Georgia
GOV DISC

4,457

An employee accidentally emailed a document with the names and Social Security numbers of 4,457 Cobb-Cherokee Career Center customers to 1,000 people.  Recipients were notified and instructed to delete the email immediately without reading it.

UPDATE (09/06/2013): The employee who accidentally sent the email attachment was suspended. The Georgia Department of Labor is also reviewing its internal policies for handling sensitive information.

 
Information Source:
Media
records from this breach used in our total: 4,457

November 18, 2010 Hanger Prosthetics and Orthotics Group
Austin, Texas
MED PORT

4,486

A laptop was stolen from a human resources employee on November 4. The laptop contained employee names, Social Security numbers, health information and addresses.

UPDATE (2/15/11): HHS shows that the breach affected 4,486 people.

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,486

November 6, 2009 Chaminade University
Honolulu, Hawaii
EDU DISC

4,500

www.chaminade.edu/infosecure
infosecure@chaminade.edu

Chaminade University inadvertently posted confidential information, including Social Security numbers, of thousands of students, on its Web site for months. An investigation determined the report was placed on obscure -- though publicly accessible -- Web pages because of human error, according to a university news release. The information was accessible for about eight months, although there is no evidence of its use, officials said. The university estimates that personally identifiable data for 4,500 students were in the report. Those affected include undergraduate students who attended the university from 1997 to 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

December 28, 2009 Providence Health
Portland, Oregon
MED DISC

4,500

Providence Health Plans is re-issuing thousands of insurance cards after personal information was accidentally sent to the wrong policy-holders. Officials with Providence Health Plans say about 4,500 mailings were sent out with the incorrect group and member ID numbers, meaning that some policy holders received others’ information. Officials noticed the problem Monday.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Showing 3501-3550 of 4489 results


X

Sign In!

Loading